package com.huihui.springbootshiro.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * 项目名称: springboot-shiro
 * @ClassName OrderController
 * @Description
 * @Author huipanxing huipanxing@chinasofti.com   @Date 2021/7/6 17:41
 */
@Controller
@RequestMapping("order")
public class OrderController {

    @RequestMapping("save")
    @RequiresRoles(value = {"admin","user"})
    public String save() {
        System.out.println("进入方法");
        Subject subject = SecurityUtils.getSubject();
        if (subject.hasRole("admin")) {
            System.out.println("保存订单！");
        } else {
            System.out.println("无权访问！");
        }
        return "redirect:/index.jsp";
    }

}
